A server-side request forgery vulnerability and remote port
scanning using pingbacks. This vulnerability, which could
potentially be used to expose information and compromise a
site, affects all previous WordPress versions. This was fixed
by the WordPress security team. We'd like to thank security
researchers Gennady
Kovshenin and Ryan
Dewhurst for reviewing our work.

Two instances of cross-site scripting via shortcodes and post
content. These issues were discovered by Jon Cave of the WordPress
security team.

A cross-site scripting vulnerability in the external library
Plupload. Thanks to the Moxiecode team for working with us on
this, and for releasing Plupload 1.5.5 to address this issue.

WordPress 3.3.1 is now available. This maintenance release
fixes 15 issues with WordPress 3.3, as well as a fix for a
cross-site scripting vulnerability that affected version 3.3.
Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and
the Go Daddy security team for responsibly disclosing the bug
to our security team.

WordPress 3.3.1 is now available. This maintenance release
fixes 15 issues with WordPress 3.3, as well as a fix for a
cross-site scripting vulnerability that affected version 3.3.
Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and
the Go Daddy security team for responsibly disclosing the bug
to our security team.